PT-2026-20944 · OpenText · OpenText Web Site Management Server

Mario Tesoro · Published 2026-02-19 · Updated 2026-02-27 · CVE-2025-13672

CVSS v4.0: 7.0 (High)

Vector: AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

Name of the Vulnerable Software and Affected Versions

OpenText Web Site Management Server versions 16.7.0 through 16.7.1

Description

The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting (XSS). Malicious JavaScript code can be injected through URL parameters, and the injected script executes on the client side when a page preview is rendered.

Recommendations

Update OpenText Web Site Management Server to a version later than 16.7.1.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-13672

Affected Products

OpenText Web Site Management Server